6.1.10 Test Pluggable Authentication

MySQL includes a test plugin that checks account credentials and
logs success or failure to the server error log. This is a
loadable plugin (not built in) and must be installed prior to
use.

The test plugin source code is separate from the server source,
unlike the built-in native plugin, so it can be examined as a
relatively simple example demonstrating how to write a loadable
authentication plugin.

Note

This plugin is intended for testing and development purposes,
and is not for use in production environments or on servers
that are exposed to public networks.

The following table shows the plugin and library file names. The
file name suffix might differ on your system. The file must be
located in the directory named by the
plugin_dir system variable.

Table 6.11 Plugin and Library Names for Test Authentication

Plugin or File

Plugin or File Name

Server-side plugin

test_plugin_server

Client-side plugin

auth_test_plugin

Library file

auth_test_plugin.so

The following sections provide installation and usage
information specific to test pluggable authentication:

Installing Test Pluggable Authentication

To be usable by the server, the plugin library file must be
located in the MySQL plugin directory (the directory named by
the plugin_dir system
variable). If necessary, configure the plugin directory
location by setting the value of
plugin_dir at server startup.

To load the plugin at server startup, use the
--plugin-load-add option to
name the library file that contains it. With this
plugin-loading method, the option must be given each time the
server starts. For example, put these lines in the server
my.cnf file (adjust the
.so suffix for your platform as
necessary):

[mysqld]
plugin-load-add=auth_test_plugin.so

After modifying my.cnf, restart the
server to cause the new settings to take effect.

Alternatively, to load the plugin at runtime, use this
statement (adjust the .so suffix for your
platform as necessary):

INSTALL PLUGIN test_plugin_server SONAME 'auth_test_plugin.so';

INSTALL PLUGIN loads the plugin
immediately, and also registers it in the
mysql.plugins system table to cause the
server to load it for each subsequent normal startup without
the need for --plugin-load-add.

Using Test Pluggable Authentication

Then provide the --user and
--password options for that
account when you connect to the server. For example:

shell> mysql --user=testuser --password
Enter password: testpassword

The plugin fetches the password as received from the client
and compares it with the value stored in the
authentication_string column of the account
row in the mysql.user system table. If the
two values match, the plugin returns the
authentication_string value as the new
effective user ID.

You can look in the server error log for a message indicating
whether authentication succeeded (notice that the password is
reported as the “user”):